Privacy Policy
This privacy policy applies to the mobile app aggreTrade, also named Aggre Trade Pro - Bitcoin, provided by Ismail Turan-Atmaca. The postal address is available in the German imprint. aggreTrade is a free information and monitoring tool with no account and no cloud profile. This policy explains the limited technical processing that still takes place.
Summary
- No account, login, newsletter or cross-device profile. You do not provide a name, email address or password.
- Market data is delivered through our backend server. Your IP address is transmitted as part of any internet request.
- Push notifications use Firebase Cloud Messaging.
- Firebase Analytics records the
app_launchevent when the app starts. No name, email address or user account is processed. - The app is partly funded by Google AdMob banners and displays non-personalized ads only.
- You retain all rights granted by the GDPR, including access, rectification, erasure, restriction, portability, objection and complaint.
1. Controller
Ismail Turan-Atmaca
Postal address: see the German imprint
Email: supportepiclappscom
A data protection officer is not required under section 38 of the German Federal Data Protection Act.
2. Data processed by the app
Although you do not create an account, the following technical data may be processed:
- IP address when market data is requested from our backend server.
- IP address and anonymous push token when notifications are enabled through Firebase Cloud Messaging.
- IP address, advertising ID and technical device information when an ad is loaded through Google AdMob.
- Pseudonymous app-instance identifier and technical app and device information when an app start is recorded by Firebase Analytics.
Alert settings, your watchlist, theme choice and acceptance of the terms are stored locally on your device and do not leave the device.
3. Live market data through our backend server
aggreTrade receives market data through an aggregation server operated by us, not through a direct connection between your device and a crypto exchange. The following information is transmitted to the server:
- your IP address
- date and time of the request
- technical user-agent information such as platform and app version
Connections are stored in server logs for no longer than 14 days to maintain reliable operation, diagnose errors and prevent misuse. We do not link this information to your identity. Raw market data originates from the public market data APIs of Binance and MEXC.
- Legal basis: Article 6(1)(b) GDPR for the app function selected by you and Article 6(1)(f) GDPR for secure and stable backend operation.
- Hosting location: Berlin, Germany.
- Hosting provider: IONOS SE, Elgendorfer Straße 57, 56410 Montabaur, Germany. A data processing agreement under Article 28 GDPR is in place.
4. Push notifications through Firebase Cloud Messaging
Price and dive alerts use Firebase Cloud Messaging provided by Google Ireland Limited, Gordon House, Barrow Street, Dublin 4, Ireland. When notifications are enabled, an anonymous push token is assigned to your device so alerts can be delivered while the app is in the background.
Firebase Cloud Messaging is used for the push function. Firebase Analytics is used separately as described in section 5. The app does not use Firebase Crashlytics, Performance Monitoring, Remote Config or In-App Messaging.
- Legal basis: Article 6(1)(b) GDPR and section 25(2)(2) TDDDG.
- International transfer: the EU-US Data Privacy Framework adopted on 10 July 2023. Google LLC is certified under this framework.
More information: Firebase privacy information.
5. Usage statistics with Firebase Analytics
The app uses Firebase Analytics provided by Google Ireland Limited. It records the app_launch event when the app starts. The Firebase SDK may associate this event with a pseudonymous app-instance identifier and technical information such as the app version, operating system, device category, language and approximate country-level location. The app does not send a name, email address or self-created user identifier to Analytics.
This processing measures the app's reach and supports technical product decisions. It is not used for automated decision-making under Article 22 GDPR.
- Legal basis: where consent is required, Article 6(1)(a) GDPR together with section 25(1) TDDDG. Otherwise, aggregate reach measurement relies on Article 6(1)(f) GDPR.
- International transfer: as described in section 4.
More information: Firebase privacy information.
6. Google AdMob advertising
The app is partly funded through advertising banners provided by Google AdMob, operated by Google Ireland Limited. Loading an ad transmits the device advertising ID and technical device information to Google for ad delivery and billing.
aggreTrade displays non-personalized ads only. We do not create an interest profile and do not use the Google User Messaging Platform because personalized advertising is disabled. The iOS app does not request App Tracking Transparency permission because no cross-app tracking takes place.
You can reset the advertising ID in your device settings:
- iOS: Settings, Privacy & Security, Apple Advertising
- Android: Settings, Privacy, Ads, Delete advertising ID
- Legal basis: Article 6(1)(f) GDPR and section 25(2)(2) TDDDG for technically required access to the advertising ID.
- International transfer: as described in section 4.
More information: Google advertising technologies.
7. No advertising profiling
Apart from the app-start reach measurement described in section 5, the app does not use Crashlytics, performance monitoring or advertising attribution. We do not create a cross-app interest profile. No automated decision-making under Article 22 GDPR takes place.
8. Recipients and international transfers
- Our backend hosting provider within the European Union under an Article 28 GDPR data processing agreement.
- Google Ireland Limited and Google LLC for Firebase Cloud Messaging, Firebase Analytics and Google AdMob. Transfers to the United States rely on the EU-US Data Privacy Framework.
9. Retention
- Backend server logs: no longer than 14 days unless a security incident requires longer retention.
- Push token: until notifications are disabled or the app is uninstalled.
- Analytics data: according to the retention periods published by Google for Firebase Analytics.
- Advertising ID processing by Google: according to Google's privacy terms.
10. Your rights
- access under Article 15 GDPR
- rectification under Article 16 GDPR
- erasure under Article 17 GDPR
- restriction under Article 18 GDPR
- data portability under Article 20 GDPR
- objection under Article 21 GDPR, particularly to processing based on Article 6(1)(f) GDPR
Send an informal request to supportepiclappscom.
11. Right to lodge a complaint
You may lodge a complaint with a data protection supervisory authority under Article 77 GDPR. The authority responsible for the controller is the State Commissioner for Data Protection and Freedom of Information Baden-Württemberg, Lautenschlagerstraße 20, 70173 Stuttgart, Germany. Website: baden-wuerttemberg.datenschutz.de.
12. Data security
Connections to Google services use TLS encryption. The current app release is migrating the backend connection to end-to-end TLS. Until that work is complete, only public market information, not personal content, is transmitted without TLS between the app and our backend. Avoid unencrypted public Wi-Fi or use an additional VPN connection.
13. Changes to this privacy policy
We may update this policy when app functions or legal requirements change. The current version is available in the app and on this website.